storj.io/minio@v0.0.0-20230509071714-0cbc90f649b1/dockerscripts/docker-entrypoint.sh (about)

     1  #!/bin/sh
     2  #
     3  # MinIO Cloud Storage, (C) 2019 MinIO, Inc.
     4  #
     5  # Licensed under the Apache License, Version 2.0 (the "License");
     6  # you may not use this file except in compliance with the License.
     7  # You may obtain a copy of the License at
     8  #
     9  #     http://www.apache.org/licenses/LICENSE-2.0
    10  #
    11  # Unless required by applicable law or agreed to in writing, software
    12  # distributed under the License is distributed on an "AS IS" BASIS,
    13  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14  # See the License for the specific language governing permissions and
    15  # limitations under the License.
    16  #
    17  
    18  # If command starts with an option, prepend minio.
    19  if [ "${1}" != "minio" ]; then
    20      if [ -n "${1}" ]; then
    21          set -- minio "$@"
    22      fi
    23  fi
    24  
    25  ## Look for docker secrets at given absolute path or in default documented location.
    26  docker_secrets_env_old() {
    27      if [ -f "$MINIO_ACCESS_KEY_FILE" ]; then
    28          ACCESS_KEY_FILE="$MINIO_ACCESS_KEY_FILE"
    29      else
    30          ACCESS_KEY_FILE="/run/secrets/$MINIO_ACCESS_KEY_FILE"
    31      fi
    32      if [ -f "$MINIO_SECRET_KEY_FILE" ]; then
    33          SECRET_KEY_FILE="$MINIO_SECRET_KEY_FILE"
    34      else
    35          SECRET_KEY_FILE="/run/secrets/$MINIO_SECRET_KEY_FILE"
    36      fi
    37  
    38      if [ -f "$ACCESS_KEY_FILE" ] && [ -f "$SECRET_KEY_FILE" ]; then
    39          if [ -f "$ACCESS_KEY_FILE" ]; then
    40              MINIO_ACCESS_KEY="$(cat "$ACCESS_KEY_FILE")"
    41              export MINIO_ACCESS_KEY
    42          fi
    43          if [ -f "$SECRET_KEY_FILE" ]; then
    44              MINIO_SECRET_KEY="$(cat "$SECRET_KEY_FILE")"
    45              export MINIO_SECRET_KEY
    46          fi
    47      fi
    48  }
    49  
    50  docker_secrets_env() {
    51      if [ -f "$MINIO_ROOT_USER_FILE" ]; then
    52          ROOT_USER_FILE="$MINIO_ROOT_USER_FILE"
    53      else
    54          ROOT_USER_FILE="/run/secrets/$MINIO_ROOT_USER_FILE"
    55      fi
    56      if [ -f "$MINIO_ROOT_PASSWORD_FILE" ]; then
    57          SECRET_KEY_FILE="$MINIO_ROOT_PASSWORD_FILE"
    58      else
    59          SECRET_KEY_FILE="/run/secrets/$MINIO_ROOT_PASSWORD_FILE"
    60      fi
    61  
    62      if [ -f "$ROOT_USER_FILE" ] && [ -f "$SECRET_KEY_FILE" ]; then
    63          if [ -f "$ROOT_USER_FILE" ]; then
    64              MINIO_ROOT_USER="$(cat "$ROOT_USER_FILE")"
    65              export MINIO_ROOT_USER
    66          fi
    67          if [ -f "$SECRET_KEY_FILE" ]; then
    68              MINIO_ROOT_PASSWORD="$(cat "$SECRET_KEY_FILE")"
    69              export MINIO_ROOT_PASSWORD
    70          fi
    71      fi
    72  }
    73  
    74  ## Set KMS_MASTER_KEY from docker secrets if provided
    75  docker_kms_encryption_env() {
    76      if [ -f "$MINIO_KMS_SECRET_KEY_FILE" ]; then
    77          KMS_SECRET_KEY_FILE="$MINIO_KMS_SECRET_KEY_FILE"
    78      else
    79          KMS_SECRET_KEY_FILE="/run/secrets/$MINIO_KMS_SECRET_KEY_FILE"
    80      fi
    81  
    82      if [ -f "$KMS_SECRET_KEY_FILE" ]; then
    83          MINIO_KMS_SECRET_KEY="$(cat "$KMS_SECRET_KEY_FILE")"
    84          export MINIO_KMS_SECRET_KEY
    85      fi
    86  }
    87  
    88  ## Legacy
    89  ## Set SSE_MASTER_KEY from docker secrets if provided
    90  docker_sse_encryption_env() {
    91      KMS_SECRET_KEY_FILE="/run/secrets/$MINIO_KMS_MASTER_KEY_FILE"
    92  
    93      if [ -f "$KMS_SECRET_KEY_FILE" ]; then
    94          MINIO_KMS_SECRET_KEY="$(cat "$KMS_SECRET_KEY_FILE")"
    95          export MINIO_KMS_SECRET_KEY
    96      fi
    97  }
    98  
    99  # su-exec to requested user, if service cannot run exec will fail.
   100  docker_switch_user() {
   101      if [ ! -z "${MINIO_USERNAME}" ] && [ ! -z "${MINIO_GROUPNAME}" ]; then
   102          if [ ! -z "${MINIO_UID}" ] && [ ! -z "${MINIO_GID}" ]; then
   103              groupadd -g "$MINIO_GID" "$MINIO_GROUPNAME" && \
   104                  useradd -u "$MINIO_UID" -g "$MINIO_GROUPNAME" "$MINIO_USERNAME"
   105          else
   106              groupadd "$MINIO_GROUPNAME" && \
   107                  useradd -g "$MINIO_GROUPNAME" "$MINIO_USERNAME"
   108          fi
   109          exec setpriv --reuid="${MINIO_USERNAME}" --regid="${MINIO_GROUPNAME}" --keep-groups "$@"
   110      else
   111          exec "$@"
   112      fi
   113  }
   114  
   115  ## Set access env from secrets if necessary.
   116  docker_secrets_env_old
   117  
   118  ## Set access env from secrets if necessary.
   119  docker_secrets_env
   120  
   121  ## Set kms encryption from secrets if necessary.
   122  docker_kms_encryption_env
   123  
   124  ## Set sse encryption from secrets if necessary. Legacy
   125  docker_sse_encryption_env
   126  
   127  ## Switch to user if applicable.
   128  docker_switch_user "$@"